試験PT0-003 トピック1 問題191 スレッド

CompTIA PT0-003のリアル試験問題集
問題 #: 191
トピック #: 1

A penetration tester is conducting an assessment of an organization that has both a web and mobile application. While testing the user profile page, the penetration tester notices that additional data is returned in the API response, which is not displayed in the web user interface. Which of the following is the most effective technique to extract sensitive user data?

A. Compare PI I from data leaks to publicly exposed user profiles.

B. Target the user profile page with a denial-of-service attack.

C. Target the user profile page with a reflected XSS attack.

D. Compare the API response fields to GUI fields looking for PH.

おすすめの解答：D 解答を投票する

When additional data is returned in the API response that is not displayed in the web user interface, it indicates that there might be sensitive data being transmitted that is not intended for user display. By comparing the fields returned in the API response to those that are visible in the GUI, a penetration tester can identify any Personally Identifiable Information (PII) or other sensitive data that might be exposed unintentionally. This method is direct and does not involve attacking the system but rather analyzing the data being transmitted. The other options do not directly address the identification of sensitive data in API responses.

河合** 2026-05-04 08:28:44

時間限定で

15%

オフ

プレミアムのPT0-003問題集のセルフテストエンジンまたはPDFをゲットしよう

弊社を連絡する

我々は１２時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間：( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート：現在連絡

試験PT0-003 トピック1 問題191 スレッド

コメント

弊社を連絡する

関連リンク

トップ試験